Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/33WNZjFbjtJ5lS8ee8EqtFrBl9Y.roa
File:                     33WNZjFbjtJ5lS8ee8EqtFrBl9Y.roa (raw, json)
Hash identifier:          MHz9Wm40aTd30R9oY5UfuEITTKjrVq2m7D0NN/b/e7I=
Subject key identifier:   DF:75:8D:66:31:5B:8E:D2:79:95:2F:1E:7B:C1:2A:B4:5A:C1:97:D6
Certificate issuer:       /CN=e69e45a4481456148e2e00349d87aa57c56b24a0
Certificate serial:       019A25291E18CDAEAEEE3D09C372682D5755
Authority key identifier: E6:9E:45:A4:48:14:56:14:8E:2E:00:34:9D:87:AA:57:C5:6B:24:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5p5FpEgUVhSOLgA0nYeqV8VrJKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/33WNZjFbjtJ5lS8ee8EqtFrBl9Y.roa
Signing time:             Mon 27 Oct 2025 10:14:02 +0000
ROA not before:           Mon 27 Oct 2025 10:14:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59681
IP address blocks:        176.123.220.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/5p5FpEgUVhSOLgA0nYeqV8VrJKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/5p5FpEgUVhSOLgA0nYeqV8VrJKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5p5FpEgUVhSOLgA0nYeqV8VrJKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:29:1e:18:cd:ae:ae:ee:3d:09:c3:72:68:2d:57:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e69e45a4481456148e2e00349d87aa57c56b24a0
        Validity
            Not Before: Oct 27 10:14:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df758d66315b8ed279952f1e7bc12ab45ac197d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:df:b6:0b:22:a2:8e:5d:88:9c:91:6b:c0:a3:
                    25:9a:39:26:8b:43:29:2f:bc:f9:ce:94:23:ac:e1:
                    cd:df:81:96:ab:17:5a:58:e6:8d:38:9b:2c:cf:91:
                    cc:e7:b1:a6:bc:68:70:ad:27:06:19:9b:41:79:d9:
                    c0:19:79:e9:db:52:22:38:49:31:ec:4f:b5:78:7b:
                    cf:2b:66:72:45:da:aa:f1:7d:26:09:78:63:4b:4a:
                    14:0b:ea:c6:40:63:4f:19:96:87:7b:ec:ba:46:a5:
                    e7:0b:4b:34:a3:1c:ab:a6:94:a9:c9:84:af:41:d3:
                    15:52:5d:8b:9e:a1:74:52:52:86:fe:94:c3:a4:6e:
                    68:09:6a:a6:95:0c:cc:1e:73:49:a6:84:6a:6d:83:
                    27:c6:80:32:11:b3:d2:22:18:d8:ed:17:78:a1:e4:
                    81:47:01:55:32:50:89:35:f3:db:6d:da:2d:cd:9e:
                    cd:8a:5d:80:fd:c3:ac:a7:27:f4:aa:d1:56:cd:bd:
                    56:27:cc:f9:02:ab:e5:61:27:5c:59:65:5e:d5:77:
                    fd:26:02:d2:6f:27:2c:88:23:46:25:a2:5c:34:f7:
                    61:29:e8:d1:7e:7f:2b:4f:cc:46:02:d6:51:a3:80:
                    34:0d:9e:90:f0:6f:00:05:18:40:ec:eb:01:77:d1:
                    10:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:75:8D:66:31:5B:8E:D2:79:95:2F:1E:7B:C1:2A:B4:5A:C1:97:D6
            X509v3 Authority Key Identifier:
                keyid:E6:9E:45:A4:48:14:56:14:8E:2E:00:34:9D:87:AA:57:C5:6B:24:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5p5FpEgUVhSOLgA0nYeqV8VrJKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/33WNZjFbjtJ5lS8ee8EqtFrBl9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/44d59e-dc7b-4d2c-ba45-4a91fabd8a8e/1/5p5FpEgUVhSOLgA0nYeqV8VrJKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:62:ee:1b:41:96:41:ef:49:d9:c1:eb:95:1f:53:9d:4e:40:
         3f:92:e8:0e:18:c2:d2:b8:38:95:9f:f9:0b:00:32:7f:d4:98:
         f7:e1:d3:ea:d4:3f:02:eb:df:1f:6b:2c:20:ec:aa:ea:e8:28:
         f9:ad:c0:af:b4:95:48:c7:fe:d4:8e:25:d7:f0:05:cd:7a:4e:
         0b:7b:36:e5:ee:44:81:78:db:8a:c6:da:0a:7c:ea:c6:24:4f:
         74:1c:86:94:5f:09:21:6f:59:8e:71:53:02:44:b1:44:a2:42:
         30:1f:7a:77:2d:8e:6f:09:20:7f:2a:82:32:2a:ea:83:03:57:
         6e:c8:f9:4b:23:23:9c:e5:62:d2:36:1d:db:76:7d:35:64:b4:
         63:4e:57:1a:69:e0:50:a4:02:d4:2a:ce:ca:ed:53:85:f4:8e:
         90:6d:2d:62:fc:1a:5b:08:36:ee:c8:cc:a0:63:32:19:14:f4:
         31:32:e8:d8:8b:e1:04:2e:79:c3:70:f5:dc:7e:ea:c0:e9:40:
         32:f9:1f:df:e4:ff:7a:f8:90:ec:3f:62:d8:d4:de:22:34:90:
         ac:e7:75:90:d9:9f:6f:92:1f:01:22:9f:cc:fb:74:1c:60:e8:
         81:cd:38:ef:e5:52:e0:d5:19:15:9c:48:81:fe:4c:4b:69:16:
         f1:d2:c6:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZolKR4Yza6u7j0Jw3JoLVdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2OWU0NWE0NDgxNDU2MTQ4ZTJlMDAzNDlkODdhYTU3YzU2
YjI0YTAwHhcNMjUxMDI3MTAxNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjc1OGQ2NjMxNWI4ZWQyNzk5NTJmMWU3YmMxMmFiNDVhYzE5N2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd+2CyKijl2InJFrwKMlmjkmi0Mp
L7z5zpQjrOHN34GWqxdaWOaNOJssz5HM57GmvGhwrScGGZtBednAGXnp21IiOEkx
7E+1eHvPK2ZyRdqq8X0mCXhjS0oUC+rGQGNPGZaHe+y6RqXnC0s0oxyrppSpyYSv
QdMVUl2LnqF0UlKG/pTDpG5oCWqmlQzMHnNJpoRqbYMnxoAyEbPSIhjY7Rd4oeSB
RwFVMlCJNfPbbdotzZ7Nil2A/cOspyf0qtFWzb1WJ8z5AqvlYSdcWWVe1Xf9JgLS
bycsiCNGJaJcNPdhKejRfn8rT8xGAtZRo4A0DZ6Q8G8ABRhA7OsBd9EQHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN91jWYxW47SeZUvHnvBKrRawZfWMB8GA1UdIwQY
MBaAFOaeRaRIFFYUji4ANJ2HqlfFaySgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXA1RnBFZ1VWaFNPTGdBMG5ZZXFWOFZySktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80NGQ1OWUtZGM3Yi00ZDJjLWJhNDUt
NGE5MWZhYmQ4YThlLzEvMzNXTlpqRmJqdEo1bFM4ZWU4RXF0RnJCbDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80NGQ1OWUtZGM3Yi00ZDJjLWJhNDUtNGE5MWZhYmQ4YThl
LzEvNXA1RnBFZ1VWaFNPTGdBMG5ZZXFWOFZySktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHvcMA0G
CSqGSIb3DQEBCwUAA4IBAQBGYu4bQZZB70nZweuVH1OdTkA/kugOGMLSuDiVn/kL
ADJ/1Jj34dPq1D8C698faywg7Krq6Cj5rcCvtJVIx/7UjiXX8AXNek4Lezbl7kSB
eNuKxtoKfOrGJE90HIaUXwkhb1mOcVMCRLFEokIwH3p3LY5vCSB/KoIyKuqDA1du
yPlLIyOc5WLSNh3bdn01ZLRjTlcaaeBQpALUKs7K7VOF9I6QbS1i/BpbCDbuyMyg
YzIZFPQxMujYi+EELnnDcPXcfurA6UAy+R/f5P96+JDsP2LY1N4iNJCs53WQ2Z9v
kh8BIp/M+3QcYOiBzTjv5VLg1RkVnEiB/kxLaRbx0sZz
-----END CERTIFICATE-----